Plugin Planet

Premium WordPress Plugins

As of BBQ Pro version 1.3, it is possible to log the details of blocked requests by hooking into the scan() function. This tutorial explains how to get started and provides a plugin to help you go further.

BBQ Pro 1.3 and better provides the following action hook:


This hook enables you to access the following variables for each request:

  • $match – the matching pattern
  • $request_uri – the requested URI
  • $query_string – the query string
  • $user_agent – the user agent
  • $referrer – the referrer
  • $protocol – the HTTP protocol
  • $ip_address – the IP address
  • $the_request – the full URI request

So you can write your own custom logging functions to record requests that are blocked by BBQ Pro. Here is a simple example:

function bbq_log_requests($match, $request_uri, $query_string, $user_agent, $referrer, $protocol, $ip_address, $the_request) { 
	if (!isset($match) || empty($match)) return;
	$admin_email = get_bloginfo('admin_email');
	$subject = 'BBQ Alert: Blocked Request';
	wp_mail($admin_email, $subject, $match);
add_action('bbq_scan', 'bbq_log_requests', 10, 8);

This simple function grabs the variables, lines them up, and sends the site admin an email alert. It is a simple example, but shows how to hook into BBQ Pro and do some custom logging of blocked queries.

Why isn’t detailed logging built-in to BBQ Pro?

One reason: performance. BBQ Pro is designed with two main objectives: security and speed. I heart BBQ Pro because it is so ultra lightweight and super fast, so it protects your site without slowing things down. You should not have to sacrifice speed for security. With BBQ Pro you can have both.

Besides, BBQ Pro does provide basic count statistics in a nice graphical interface to show you which patterns are blocked the most. Here is a screenshot of the stats that are included with BBQ Pro:

BBQ Pro - BBQ Statistics

But it’s also nice to be able to log more robust data, details and such. So the bbq_scan hook now is available to help make it happen. For a more complete example of how the hook can be used to log request data, download the following free example plugin.

Download BBQ Logging Plugin

Download BBQ Log Requests Plugin

Essentially it does the same thing as the previous code example, only with more details and auto-functionality. It’s entirely plug-n-play with no configuration required. Again, it’s meant as an example to get you started with your own custom implementation. Check out the source code to see the utter simplicity of it all.

More development in the works

Note that this example plugin is just a starting point because people have asked for it. I will be beefing up the plugin to include database logging in future updates of BBQ Pro, so stay tuned!